General
-
Target
JaffaCakes118_7a5c8d189ba3dd68bea0b26a1d72a9c4
-
Size
108KB
-
Sample
250316-qar34avnt5
-
MD5
7a5c8d189ba3dd68bea0b26a1d72a9c4
-
SHA1
2c8b10147818659446028cc4b66f5f8265179768
-
SHA256
7006d52bcfe6c923f5bbc11b4770df626de460397015e6c48097d56176a366df
-
SHA512
adc08cf5193ed11df7b6f0efe57d228ca602045bcb5a39c282449c39b71a8011d3848e48ccba5eed47fe5d3d2e80dca3d16a59e63824fe1c9c5c84238dafdb95
-
SSDEEP
1536:/RiTN7c3iJ2zqra0ePSQOlv7RiTN7c3iJ2zqra0kFy:ZiTi3iUzH059iTi3iUzH0kFy
Malware Config
Targets
-
-
Target
JaffaCakes118_7a5c8d189ba3dd68bea0b26a1d72a9c4
-
Size
108KB
-
MD5
7a5c8d189ba3dd68bea0b26a1d72a9c4
-
SHA1
2c8b10147818659446028cc4b66f5f8265179768
-
SHA256
7006d52bcfe6c923f5bbc11b4770df626de460397015e6c48097d56176a366df
-
SHA512
adc08cf5193ed11df7b6f0efe57d228ca602045bcb5a39c282449c39b71a8011d3848e48ccba5eed47fe5d3d2e80dca3d16a59e63824fe1c9c5c84238dafdb95
-
SSDEEP
1536:/RiTN7c3iJ2zqra0ePSQOlv7RiTN7c3iJ2zqra0kFy:ZiTi3iUzH059iTi3iUzH0kFy
Score10/10-
Andromeda family
-
Andromeda, Gamarue
Andromeda, also known as Gamarue, is a modular botnet malware primarily used for distributing other types of malware and it's written in C++.
-
Detects Andromeda payload.
-
Adds policy Run key to start application
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-